Hi,

Turning off the sandbox fixed the build, so this definitely is the issue…

I agree requiring access to /dev/random during the build is a bit weird, but 
it actually does make some sense in this case: the script being run is 
generating an example output ROOT file for the tutorials, which includes 
filling some histograms and tuples with random numbers.

Is it possible to flag at a port level that access to some areas is OK for 
certain ports? To be honest I would be surprised if there was, as it would 
potentially allow ports to start turning off the protections the sandbox 
provides willy-nilly, but I thought I would ask?

Failing that, yes, could we add /dev/random to the list of allowed areas? Odd, 
yes, but in this case it does make some sense…

cheers Chris


> On 13 Jun 2017, at 10:42 pm, Joshua Root <j...@macports.org> wrote:
> 
> On 2017-6-14 07:05 , Daniel J. Luke wrote:
>> On Jun 13, 2017, at 4:57 PM, Christopher Jones <jon...@hep.phy.cam.ac.uk> 
>> wrote:
>>> :info:build open('/dev/random'): Operation not permitted
>>> 
>>> Now, this works outside. So I suspect the build is in some way preventing 
>>> the build process from accessing this. Is this possible? If so, more to 
>>> the point, is there a way I can get this to work…?
>> I suspect the sandbox doesn't include access to /dev/random (MacPorts 
>> started using sandbox-exec with version 2.2.0)
>> As a temporary workaround (or to test this theory) you can add 
>> "sandbox_enable no" to your macports.conf
> 
> Our sandbox only restricts writes. Seems like the program is opening 
> /dev/random with O_RDWR? Writing to it is technically allowed (though I don't 
> know that it does anything on Darwin), so we should probably add it to the 
> sandbox exceptions, but I'm not sure why it would be needed.
> 
> - Josh
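
Added example, not part of the thread and not MacPorts or ROOT code: under a sandbox that only restricts writes, as described in the reply above, a program that just consumes random bytes can open the device read-only. The helper names (can_retry_readonly, open_least_privilege, read_exact) are hypothetical, and treating EPERM/EACCES on an O_RDWR open as a write denial is an assumption based on the "Operation not permitted" line quoted in the thread.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Assumption: a write-restricting sandbox refuses an O_RDWR open with EPERM
 * (the errno behind "Operation not permitted") or EACCES. */
int can_retry_readonly(int flags, int err)
{
    return (flags & O_ACCMODE) == O_RDWR && (err == EPERM || err == EACCES);
}

/* Open with the requested access mode; if read-write is refused, retry
 * read-only. Returns the descriptor, or -1 with errno set. */
int open_least_privilege(const char *path, int flags)
{
    int fd = open(path, flags);
    if (fd < 0 && can_retry_readonly(flags, errno))
        fd = open(path, O_RDONLY);
    return fd;
}

/* Read exactly n bytes, retrying on EINTR and short reads. 0 on success,
 * -1 on error or end of file. */
int read_exact(int fd, unsigned char *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR)
            continue;
        if (r <= 0)
            return -1;
        got += (size_t)r;
    }
    return 0;
}

int main(void)
{
    unsigned char seed[16];
    int fd = open_least_privilege("/dev/random", O_RDWR);
    if (fd < 0) { perror("open('/dev/random')"); return 1; }
    int mode = fcntl(fd, F_GETFL) & O_ACCMODE;   /* mode actually granted */
    printf("opened %s\n", mode == O_RDONLY ? "read-only" : "read-write");
    int rc = read_exact(fd, seed, sizeof seed);
    close(fd);
    return rc == 0 ? 0 : 1;
}
```

Opening with O_RDONLY from the start avoids the retry entirely; the fallback is for code that cannot easily change the flags it requests.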
